[graylog2] Re: How to use API token in curl command to call REST API

2016-08-08 Thread Jochen Schalanda
Hi Marcus, see https://gist.github.com/joschi/21bc88207881581099570dd85588f7df for an example of using a non-expiring API token and https://gist.github.com/joschi/72fb7e75b171c10d3717 for an example of using an expiring session token to access the Graylog REST API. Cheers, Jochen On Monday,

[graylog2] Re: upgrading from graylog-v2.0 to v2.1

2016-08-08 Thread Jochen Schalanda
Hi Jason, please read the upgrade note for Graylog 2.1.x at https://github.com/Graylog2/graylog2-server/blob/2.1.0-beta.2/UPGRADING.rst. Cheers, Jochen On Monday, 8 August 2016 12:07:51 UTC+2, Jason Haar wrote: > > Hi there > > I know v2.1 is still pre-release, so are there any 'gotchas' with

Re: [graylog2] Re: stuck to install graylog to our VPS Linux CentOS 6

2016-08-06 Thread Jochen Schalanda
Hi Luke, On Friday, 5 August 2016 05:05:02 UTC+2, Lam Do wrote: > > 1. I'm working on the installations steps from the official document and > using 'service' command instead of 'systemd' to install and enable to run > the service of Java , MongoDB, ElasticSearch and Graylog server without >

[graylog2] Re: AD synced users Timezone keeps reverting to UTC

2016-08-06 Thread Jochen Schalanda
Hi Ralph, that's a bug that will be fixed in Graylog 2.1.0, see https://github.com/Graylog2/graylog2-server/pull/2395 for details. Cheers, Jochen On Friday, 5 August 2016 21:04:56 UTC+2, Ralph @GM wrote: > > I discovered what my problem was. I was selecting (from the drop down > CST6CDT.

[graylog2] Re: Graylog 2.0.3: Notification condition No_Master has been fixed

2016-08-05 Thread Jochen Schalanda
Hi Alejandro, please make sure that the setting in your Graylog configuration is being called is_master. Other than that, you'll have to check the logs of your Graylog server to find out the reason why this

[graylog2] Re: How to get reports into a Dashboard

2016-08-05 Thread Jochen Schalanda
Hi Paul, please elaborate on what kind of information you would want to see on a dashboard, ideally with some specific examples. Cheers, Jochen On Friday, 5 August 2016 13:39:02 UTC+2, Iso Serve wrote: > > Hi I have a client that requires to use GRAYLING to report on log file > information

[graylog2] Re: Separate VMs Running Graylog & Elastic Search Not Connecting

2016-08-04 Thread Jochen Schalanda
Hi Nathan, try removing the elasticsearch_transport_tcp_port setting from your Graylog configuration and add the port (9300) to the IP address in elasticsearch_discovery_zen_ping_unicast_hosts (so that it's being set to x.x.x.149:9300). Additionally, your web_endpoint_uri is wrong and should

[graylog2] Re: graylog-web for 2.0

2016-08-04 Thread Jochen Schalanda
Hi Sam, please read http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html and follow that documentation. Your Graylog REST API seems to only listen on the loopback interface. Cheers, Jochen On Thursday, 4 August 2016 09:43:24 UTC+2, sam wrote: > > HI Walderba, > > > Yes I had

[graylog2] Re: Add Elastic Search Nodes?

2016-08-03 Thread Jochen Schalanda
> > On Wednesday, August 3, 2016 at 10:18:15 AM UTC-4, Jochen Schalanda wrote: >> >> Hi Nathan, >> >> On Wednesday, 3 August 2016 16:10:55 UTC+2, Nathan Mace wrote: >>> >>> I'm editing /etc/elasticsearch/elasticsearch.yml. That has to be the >>>

[graylog2] Re: Graylog _Encryption

2016-08-03 Thread Jochen Schalanda
Hi, the received log messages are being indexed into Elasticsearch which doesn't encrypt them by default. The best you can do is to use an encrypted storage device for Elasticsearch indices. Cheers, Jochen On Wednesday, 3 August 2016 17:10:28 UTC+2, Siju Tharakan wrote: > > Syslog received

Re: [graylog2] Re: stuck to install graylog to our VPS Linux CentOS 6

2016-08-03 Thread Jochen Schalanda
Hi Luke, I'd recommend following the official documentation, which is always up-to-date, instead of some 3rd party blog posts: http://docs.graylog.org/en/2.0/pages/installation/os/centos.html The steps to install Graylog on CentOS 6 are fairly similar. You'll have to use SysV init scripts

[graylog2] Re: Add Elastic Search Nodes?

2016-08-03 Thread Jochen Schalanda
Hi Nathan, On Wednesday, 3 August 2016 16:10:55 UTC+2, Nathan Mace wrote: > > I'm editing /etc/elasticsearch/elasticsearch.yml. That has to be the > correct file, right? I mean, node 2 doesn't have anything installed > besides ElasticSearch, so what other config file would there be to edit? >

[graylog2] Re: Graylog _Encryption

2016-08-03 Thread Jochen Schalanda
Hi, On Wednesday, 3 August 2016 16:09:22 UTC+2, Siju Tharakan wrote: > > Is the client log saved as Encrypted format in Graylog Server? if so, what > type of encryption supported? > Which client logs are you referring to, specifically? Cheers, Jochen

[graylog2] Re: stuck to install graylog to our VPS Linux CentOS 6

2016-08-03 Thread Jochen Schalanda
> Luke > > root@*** [~]# yum install graylog-web > Loaded plugins: fastestmirror, security > Setting up Install Process > Loading mirror speeds from cached hostfile > * rpmforge: mirror.chpc.utah.edu > No package graylog-web available. > Error: Nothing to do > > >

[graylog2] Re: Add Elastic Search Nodes?

2016-08-03 Thread Jochen Schalanda
zen.minimum_master_nodes: 1 > > I am completely out of ideas. > > > Nathan > > > > On Tuesday, August 2, 2016 at 12:48:39 PM UTC-4, Jochen Schalanda wrote: >> >> Hi Nathan, >> >> it seems your Elasticsearch config is still wrong. Both nodes

[graylog2] Re: Add Elastic Search Nodes?

2016-08-02 Thread Jochen Schalanda
og > installed it had a log file for it. Not sure why that is. > > Thanks! > > Nathan > > On Tuesday, August 2, 2016 at 11:10:49 AM UTC-4, Jochen Schalanda wrote: >> >> Hi Nathan, >> >> please post the *complete* log files of your Elasticsearch and Graylog >> n

[graylog2] Re: Add Elastic Search Nodes?

2016-08-02 Thread Jochen Schalanda
encing that port number, so it seems to be all default. If I do a > netstat on both hosts they are both listening on port 9200 and 9300. It > would seem that it is listening, but only allowing connections to 9300 from > localhost? What would I need to change to allow a connect from t

[graylog2] Re: New to graylog Issue to login after server.conf change

2016-08-02 Thread Jochen Schalanda
5 left intact > * Closing connection #0 > {"type":"ApiError","message":"HTTP 405 Method Not Allowed"}[ > > > > Guillaume. > > > On Tuesday, August 2, 2016 at 2:57:13 PM UTC+2, Jochen Schalanda wrote: >> >> Hi Guillaume, >

[graylog2] Re: Extractors and Pipelines

2016-08-02 Thread Jochen Schalanda
r made the pipeline I had set up as > a test work fine, so I did get by that. But still curious where these > should be viewed in the greater context, what they should be considered to > replace (if anything) for someone with no legacy to migrate? > > > On Monday, August 1, 2016 at

[graylog2] Re: Add Elastic Search Nodes?

2016-08-02 Thread Jochen Schalanda
w that I made the change and restarted services, in Graylog it still > shows only 1 node, the field for "Elasticsearch Cluster" just sits and > spins, and I have a number of unprocessed messages. > > Any ideas? > > Nathan > > On Tuesday, August 2, 2016 at

[graylog2] Re: Add Elastic Search Nodes?

2016-08-02 Thread Jochen Schalanda
ill make the changes. However I am very confused by > your comment about the second node having the cluster.name setting unset. > I'm showing that it is set to "graylog" just like the first node. I'm not > sure at all what you mean. > > Nathan > > On Tuesday, Augu

[graylog2] Re: New to graylog Issue to login after server.conf change

2016-08-02 Thread Jochen Schalanda
Hi Guillaume, please post your complete Graylog configuration file or be more explicit about how the relevant settings (rest_* and web_*) are configured right now. Also check the Developer Console of your web browser for error messages and post them here. Cheers, Jochen On Tuesday, 2 August

[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Jochen Schalanda
at 12:46:48 PM UTC+2, Guillaume Migaszewski >>> wrote: >>>> >>>> Thanks a lot for this outstanding help . >>>> >>>> I ll check those links . I am impressed by your knowledge regarding >>>> REST API and graylog

[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Jochen Schalanda
6 at 12:46:48 PM UTC+2, Guillaume Migaszewski > wrote: >> >> Thanks a lot for this outstanding help . >> >> I ll check those links . I am impressed by your knowledge regarding REST >> API and graylog. >> >> I ll let you know. >> >> Thanks f

[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Jochen Schalanda
striction ... . > > I am lost . > > Thanks for your assistance. > > Guillaume. > > On Tuesday, August 2, 2016 at 12:29:40 PM UTC+2, Jochen Schalanda wrote: >> >> Hi Guillaume, >> >> the web interface of Graylog 2.x is accessing the Graylog REST API >

[graylog2] Re: Add Elastic Search Nodes?

2016-08-02 Thread Jochen Schalanda
Hi Nathan, check the elasticsearch_network_host setting of your Graylog nodes. It should be set to one (and only one!) public IP address of the Graylog node which can be accessed by all other Elasticsearch nodes in the cluster. elasticsearch_discovery_zen_ping_unicast_hosts should be a

[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Jochen Schalanda
> using the web interface. This means that both components must listen on a > public network interface or be exposed to one using a proxy or NAT! > > > I am not use to this REST API ... so I am confused. ... ah the good old > LAMP setup ... ;) . > > Regards > > Guillaume >

[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Jochen Schalanda
Hi Guillaume, how exactly did you install Graylog (OVA, OS packages, or manual install/environment specifics)? Did you read http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html? Cheers, Jochen On Tuesday, 2 August 2016 11:59:14 UTC+2, Guillaume Migaszewski wrote: > > Dear

[graylog2] Re: Highly utilize RAM. Any option to reduce it?

2016-08-02 Thread Jochen Schalanda
Hi Arief, On Tuesday, 2 August 2016 10:16:01 UTC+2, Arief Hydayat wrote: > > Later if I increase the memory, again Linux and the JVM will use as much > available memory as possible. and that's normal, right? :-) > Yes, that's correct. > Just with next question anyway, those 3 components

[graylog2] Re: Highly utilize RAM. Any option to reduce it?

2016-08-02 Thread Jochen Schalanda
Hi Arief, what exactly is the problem? We've already established in the previous mails that Linux and the JVM will use as much available memory as possible. Cheers, Jochen On Tuesday, 2 August 2016 05:10:48 UTC+2, Arief Hydayat wrote: > > Hi Jochen, > > Sorry for that, my bad. I'm asking about

[graylog2] Re: Extractors and Pipelines

2016-08-01 Thread Jochen Schalanda
Hi Linwood, you can lookup and change the order of the traditional filters (such as extractors) and the new message processor pipeline in the web interface on the System -> Configurations -> Message Processors Configuration page. Cheers, Jochen On Monday, 1 August 2016 21:49:08 UTC+2, Linwood

[graylog2] Re: Add Elastic Search Nodes?

2016-08-01 Thread Jochen Schalanda
nodes are like this (the new one as well as the one > running Graylog). I'm completely out of ideas. > > Neither system is running a firewall, they are both on the same subnet, > they can both ping one another. Both systems are running CentOS 7. > > Any ideas? > > Nathan

[graylog2] Re: Graylog web access through TCP/443 with Stunnel4

2016-08-01 Thread Jochen Schalanda
Hi Alejandro, please read http://docs.graylog.org/en/2.0/pages/upgrade.html#from-1-x-to-2-x and http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html. If you're using HTTPS for the Graylog web interface, you also have to use HTTPS for the Graylog REST API. Otherwise your web

[graylog2] Re: Highly utilize RAM. Any option to reduce it?

2016-08-01 Thread Jochen Schalanda
Hi Arief On Monday, 1 August 2016 11:44:08 UTC+2, Arief Hydayat wrote: > > I didn't get your point with the VM problem? Mean on the VMWare side? > Usually what kind of problem is it? > My question was if you had any problems with the memory consumption in your virtual machine or you only had

[graylog2] Re: Filtering needed log message only (via Stream), and setup an alert

2016-08-01 Thread Jochen Schalanda
to get the alert early rather that stare on the dashboard actually. > :D > > The Stream rules that I created is receiving log msg from Windows Server. > > On Monday, August 1, 2016 at 2:47:54 PM UTC+8, Jochen Schalanda wrote: >> >> Hi Arief, >> >> the stre

[graylog2] Re: Filtering needed log message only (via Stream), and setup an alert

2016-08-01 Thread Jochen Schalanda
Hi Arief, the stream with the rule you've described ("level must be exactly 3") should be fine. The alert condition you've created is wrong, as "level:3" is not a field (but "level" is). What exactly do you want to achieve with the alert condition? Cheers, Jochen On Monday, 1 August 2016

[graylog2] Re: Dealing with multiple log formats in the same input

2016-07-31 Thread Jochen Schalanda
Hi Alexandre, is there anything wrong with running different inputs for different kind of log messages in your opinion? The general format of GELF message is: > @timestamp > @version > level > container_name > conainter_id > image_name > message (content can be JSON, Apache or Tomcat

[graylog2] Re: Highly utilize RAM. Any option to reduce it?

2016-07-31 Thread Jochen Schalanda
Hi Arief, I guess you're running Graylog, Elasticsearch, and MongoDB on the same machine. Those three applications simply require a certain amount of memory. This being said, your system is fine. Every byte of unused RAM is basically useless and waste, so Linux is trying to optimally fill the

[graylog2] Re: Graylog 2.0 archive feature

2016-07-29 Thread Jochen Schalanda
Hi Alejandro, On Friday, 29 July 2016 15:15:33 UTC+2, Alejandro Cabrera Obed wrote: > > Is there any possibility that Graylog open source will have the archive > feature enabled in the near future??? > That's rather unlikely at the moment. We have to earn money to live, too. But you can order

[graylog2] Re: Graylog does not show some messages when using two extractors for the same input

2016-07-29 Thread Jochen Schalanda
Hi Alexandre, the JSON extractor will happily overwrite the existing field and that's probably the problem. If the "level" field is not numeric, Graylog and Elasticsearch will fail to index it. You should find numerous "index failures" in the logs of your Graylog node and in the

[graylog2] Re: graylog cluster

2016-07-29 Thread Jochen Schalanda
Hi, make sure that all Graylog nodes are using the same MongoDB database and that the password_secret setting is identical across all nodes. See http://docs.graylog.org/en/2.0/pages/configuration/multinode_setup.html for further details. Cheers, Jochen On Friday, 29 July 2016 10:32:38 UTC+2,

[graylog2] Re: Graylog does not show some messages when using two extractors for the same input

2016-07-29 Thread Jochen Schalanda
Hi Alexandre, are there any error messages in the logs of your Graylog nodes? Are you 100% sure that the Java logs are ingested by Graylog? Are the timestamps of those Java logs correct or might they be "in the future" so that a normal search query doesn't include them? Cheers, Jochen On

Re: [graylog2] Incoming logs incorrectly formatted

2016-07-29 Thread Jochen Schalanda
Hi Joshua, you can use a JSON extractor for expanding the message field. Seeing that it's a Java application, I'd recommend using one of the many existing GELF appenders for Java logging frameworks on the Graylog Marketplace to let your

[graylog2] Re: Creating a graph using two fields

2016-07-29 Thread Jochen Schalanda
Hi Alexandre, you can simply run a search for http_code:404 and then select the field you want to create a graph for from the side bar, e. g. "host", and click on "Quick values". The resulting graph can then be added to a dashboard. Cheers, Jochen On Thursday, 28 July 2016 22:23:46 UTC+2,

[graylog2] Re: Searching for fields inside JSON field

2016-07-29 Thread Jochen Schalanda
you for the information about JSON extractor, I'll try it. > > Cheers, > Alexandre > > Em quinta-feira, 28 de julho de 2016 16:13:01 UTC+1, Jochen Schalanda > escreveu: >> >> Hi Alexandre, >> >> you could use the JSON extractor in Graylog >>

[graylog2] Re: graylog 2.0.3-1 web interface login page slow loading

2016-07-29 Thread Jochen Schalanda
Hi Hasan, the JavaScript files of the Graylog web interface are already minified. Cheers, Jochen On Thursday, 28 July 2016 20:13:05 UTC+2, hasan akgöz wrote: > > Hello Jochen, > > I see . I didn't change Gzip option. Maybe I try make minify to minify > graylog .js and .css files. is it

[graylog2] Re: Help GRAYLOG input GELF

2016-07-28 Thread Jochen Schalanda
Hi Rafael, On Thursday, 28 July 2016 18:50:03 UTC+2, Rafael Pereira Silva wrote: > > now my doubt is this: If I want to send logs to another server, type logs > (log of TOMCAT, application LOG) I need to install and configure the logstash > on that server agent? > > The messages have to get

[graylog2] Re: Can't access to Graylog 2.0 web interface

2016-07-28 Thread Jochen Schalanda
Hi Alejandro, 127.0.0.1 is the so-called loopback address which loops back (ha!) to the local machine and which is not accessible from outside of that system. You need to set rest_listen_uri and web_listen_uri to a publicly accessible IP address, or http://0.0.0.0:12900 and http://0.0.0.0:9000

[graylog2] Re: graylog 2.0.3-1 web interface login page slow loading

2016-07-28 Thread Jochen Schalanda
Hi Hassan, you can try activating GZIP for the web interface if you accidentally deactivated it (it's enabled by default, see https://github.com/Graylog2/graylog2-server/blob/2.0.3/misc/graylog.conf#L95-L97 ). Other than that I'm afraid there's not much you can do to reduce the initial

[graylog2] Re: Add Elastic Search Nodes?

2016-07-28 Thread Jochen Schalanda
Hi Nathan, the two configuration settings you've mentioned, elasticsearch_discovery_zen_ping_multicast_enabled and elasticsearch_discovery_zen_ping_unicast_hosts, are from the Graylog configuration file and don't need to be changed when adding another Elasticsearch node. Simply make sure,

[graylog2] Re: Searching for fields inside JSON field

2016-07-28 Thread Jochen Schalanda
Hi Alexandre, you could use the JSON extractor in Graylog to expand the content of the message field into the Graylog message. But I would recommend using a proper GELF appender for your logging framework in the

[graylog2] Re: Java stacktrace

2016-07-28 Thread Jochen Schalanda
xandre > > Em quinta-feira, 28 de julho de 2016 14:18:59 UTC+1, Jochen Schalanda > escreveu: >> >> Hi Alexandre, >> >> the Docker GELF driver only supports sending messages line-by-line to >> Graylog. >> >> If you want to receive the complete Ja

[graylog2] Re: Java stacktrace

2016-07-28 Thread Jochen Schalanda
Hi Alexandre, the Docker GELF driver only supports sending messages line-by-line to Graylog. If you want to receive the complete Java stack trace of an exception in one message, you should use one of the existing GELF appenders for the logging framework being used in your Java application.

[graylog2] Re: Settings for Journal when utilization is too high

2016-07-28 Thread Jochen Schalanda
Hi Roberto, I'm sure you think your issue is urgent, but please stick to one thread on the mailing list for each individual problem: - https://groups.google.com/d/msg/graylog2/tw9IH9uw_l4/B68bwV6NAgAJ - https://groups.google.com/d/msg/graylog2/Yz3jmpfqnwQ/0jEowgPqAgAJ Cheers, Jochen

[graylog2] Re: Alert use case scenario

2016-07-28 Thread Jochen Schalanda
Hi, that's currently not possible with Graylog, but feel free to create a feature request with your use cases at https://github.com/Graylog2/graylog2-server/issues/new. Cheers, Jochen On Wednesday, 27 July 2016 21:41:07 UTC+2, GambitK wrote: > > Because a particular request for alerting, I

[graylog2] Re: possible to restrict select'able saved searches per user/role/stream?

2016-07-28 Thread Jochen Schalanda
Hi, saved searches are currently global objects in Graylog and not specific to a user or a role. There's a feature request for this at https://github.com/Graylog2/graylog2-server/issues/520. Feel free to add your comments (but please no simple "+1"…) there. Cheers, Jochen On Thursday, 28

[graylog2] Re: Graylog is restarting...

2016-07-28 Thread Jochen Schalanda
Hi Lino, please check the logs of the Graylog process in /var/log/graylog/* for error messages. Cheers, Jochen On Wednesday, 27 July 2016 23:37:13 UTC+2, Lino Edgar wrote: > > Hi Community > > > Greetings > > > Excuse me, after install Graylog2 is not able to display the webpage, I > have the

Re: [graylog2] Re: Backup of indices in Graylog 1.3

2016-07-28 Thread Jochen Schalanda
Hi Roberto, please refer to the Elasticsearch documentation about backing up and restoring indices for answers to those questions: - https://www.elastic.co/guide/en/elasticsearch/guide/1.x/backing-up-your-cluster.html -

Re: [graylog2] Incoming logs incorrectly formatted

2016-07-28 Thread Jochen Schalanda
Hi Joshua, On Thursday, 28 July 2016 00:00:36 UTC+2, Joshua Walderbach wrote: > > I did that and reformatted my nxlog.conf. But messages are truncated for > my platform logs, windows events look great. This problem is most likely caused by the default value of the ShortMessageLength setting

[graylog2] Re: stuck to install graylog to our VPS Linux CentOS 6

2016-07-28 Thread Jochen Schalanda
Hi Luke, there's some broken YUM/RPM repository on your system. Remove or disable the "scl" repository (see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sec-Managing_Yum_Repositories.html for details) and run yum update. Cheers, Jochen On

[graylog2] Re: ./graylogctl restart results in /tmp/graylog.pid not found

2016-07-28 Thread Jochen Schalanda
Hi Sruthi, which exact version of Graylog are you using and how did you install Graylog? Cheers, Jochen On Wednesday, 27 July 2016 10:43:25 UTC+2, Sruthi wrote:

[graylog2] Re: Elasticsearch 5?

2016-07-28 Thread Jochen Schalanda
Hi Michael, Elasticsearch 5.x is not and most probably will not be supported by Graylog 2.x. Future versions of Elasticsearch 2.x probably will work out-of-the-box, though. Cheers, Jochen On Tuesday, 26 July 2016 20:23:22 UTC+2, Michael Taylor wrote: > > The docs say Elasticsearch 2.1 or

[graylog2] Re: Help graylog2 can not start!!!

2016-07-26 Thread Jochen Schalanda
Hi Nile, please make sure that the "data" directory is readable for the Graylog user. You could also set elasticsearch_path_home and elasticsearch_path_data in your Graylog configuration file to any readable directory. As a side note, you can't use the ~ character for path settings in the

[graylog2] Re: Web UI Output Indicator Bug (perhaps?)

2016-07-26 Thread Jochen Schalanda
Hi Ryan, there is always a default output into Elasticsearch (otherwise you couldn't search for messages), so that's what's being shown in the throughput indicator in the Graylog web interface. Cheers, Jochen On Monday, 25 July 2016 20:07:46 UTC+2, Ryan Gelston wrote: > > Hello Graylog Users,

[graylog2] Re: Disk Journal / Kafka Input / Throttling

2016-07-25 Thread Jochen Schalanda
we are running 2.0.3) > > On Tuesday, 19 July 2016 22:04:59 UTC+10, Jochen Schalanda wrote: >> >> Hi Eli, >> >> On Tuesday, 19 July 2016 13:18:49 UTC+2, Eli Jordan wrote: >>> >>> My understanding is that the disk journal is just an internal Kafka >>

[graylog2] Re: mongod process using over 100% CPU slowing down graylog

2016-07-25 Thread Jochen Schalanda
Hi Ariel, MongoDB shouldn't need much processing power when being used by Graylog. Are there any error messages in the logs of your MongoDB nodes? Are there any unusually large collections in the MongoDB database used by Graylog? Which MongoDB storage engine (MMAPv1, WiredTiger) are you using?

[graylog2] Re: Several indices from 1 and 2 hours ago

2016-07-25 Thread Jochen Schalanda
nks a lot!! > > > El lunes, 25 de julio de 2016, 11:32:31 (UTC-3), Jochen Schalanda escribió: >> >> Hi Roberto, >> >> which exact version of Graylog are you using? >> >> There were some versions of Graylog which would rotate the indices on >>

[graylog2] Re: Several indices from 1 and 2 hours ago

2016-07-25 Thread Jochen Schalanda
Hi Roberto, which exact version of Graylog are you using? There were some versions of Graylog which would rotate the indices on startup if the time-based rotation strategy was being used, even if they shouldn't be rotated according to their age. Would it be feasible for you to upgrade to

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-25 Thread Jochen Schalanda
d > -rw--- 1 graylog graylog 4707 Jul 10 16:59 _2pkd.fnm > -rw--- 1 graylog graylog 568 Jul 10 16:59 _2pkd.si > -rw--- 1 graylog graylog 230 Jul 14 03:18 segments_35 > > Thank for the tools link. Been check between 30 - 50 messages/sec still > consid

[graylog2] Re: Input shows running but no messages getting retrieved

2016-07-25 Thread Jochen Schalanda
Hi Thara, I think your rsyslog configuration is incorrect. "." will not match any messages, I think you mean "*.*" instead. Please refer to https://github.com/Graylog2/graylog-guide-syslog-linux/blob/master/README.md#rsyslog for instructions how to configure rsyslog. Cheers, Jochen On

[graylog2] Re: Changing map theme for geolocation

2016-07-25 Thread Jochen Schalanda
Hi Aykisn, that's currently not possible but feel free to open a feature request for this at https://github.com/Graylog2/graylog-plugin-map-widget/issues. Cheers, Jochen On Monday, 25 July 2016 08:11:05 UTC+2, Aykisn wrote: > > Hello, > > I am using the free GeoLite2 database and I was

[graylog2] Re: Removing some help messages on the web interface

2016-07-25 Thread Jochen Schalanda
Hi Aykisn, those hints can currently not be removed without forking Graylog and modifying the web interface yourself. Cheers, Jochen On Monday, 25 July 2016 09:24:39 UTC+2, Aykisn wrote: > > Hello, > > I didn't find any info on this. I was wondering i there was any way to > remove some of the

[graylog2] Re: Graylor-collector for Debian 7

2016-07-22 Thread Jochen Schalanda
Hi Tony, there currently aren't any DEB packages for the Graylog Collector working on Debian 7. You can still download and install the official binaries from https://github.com/Graylog2/collector#binary-download and make your init system start it on boot. This being said, a working SysV init

[graylog2] Re: Input shows running but no messages getting retrieved

2016-07-21 Thread Jochen Schalanda
Hi Thara, please describe in detail which type of input you have set up in Graylog, how you have configured it, and how you have configured your clients. Cheers, Jochen On Thursday, 21 July 2016 19:54:29 UTC+2, Thara Savio wrote: > > The input shows running but no messages getting retrieved.

[graylog2] Re: Do we have use separate ports servers to send logs to graylog

2016-07-21 Thread Jochen Schalanda
Hi Thara, different inputs usually listen on different ports, so if you have multiple input formats like syslog, GELF, or any other, you'll most likely have to use different ports for those inputs. This being said, if you only have syslog messages you want to record, you can use a single

[graylog2] Re: IF ELSE replace for Extractors

2016-07-21 Thread Jochen Schalanda
Hi Julio, currently that's not easily possible but we plan to introduce functions for lookups in dictionaries or external sources in the message processing pipelines (http://docs.graylog.org/en/2.0/pages/pipelines.html) in a future version. Cheers, Jochen On Thursday, 21 July 2016 17:19:48

[graylog2] Re: ERROR Appenders contains an invalid element or attribute "Memory"

2016-07-21 Thread Jochen Schalanda
, 21 July 2016 18:35:53 UTC+5:30, Jochen Schalanda wrote: >> >> Hi Pisa, >> >> how exactly did you install Graylog (please describe it step by step)? >> >> The error messages from the logs look like an invalid Log4j 2 >> configuration or an invalid class pa

[graylog2] Re: ERROR Appenders contains an invalid element or attribute "Memory"

2016-07-21 Thread Jochen Schalanda
Hi Pisa, how exactly did you install Graylog (please describe it step by step)? The error messages from the logs look like an invalid Log4j 2 configuration or an invalid class path. The other error message you've mentioned ({"type":"ApiError","message":"HTTP 404 Not Found"}) is the normal

[graylog2] Re: graylog-collector not working on ubuntu 14.04.4

2016-07-21 Thread Jochen Schalanda
Hi, the Graylog Collector itself won't listen on any network interface. The server-url configuration setting simply specifies the URI of the Graylog REST API that the Graylog Connector should register at. Additionally, the GELF output should probably not be configured with port 12900 (which

[graylog2] Re: GrayLog2 on mac

2016-07-21 Thread Jochen Schalanda
Hi, you need to provide a path to the Graylog configuration file if you don't use the default. See the "-f" or "--configfile" command line parameters of the Graylog command. Cheers, Jochen On Thursday, 21 July 2016 03:39:41 UTC+2, er.jayp...@gmail.com wrote: > > Can anyone please help me out

[graylog2] Re: Inputs not displaying under sources

2016-07-21 Thread Jochen Schalanda
Hi Thara, inputs will not show on the "Sources" page. That will simply show some comprehensive statistics about the "source" field of all indexed messages. If you don't receive any messages, there won't be anything to display on the "Sources" page in the web interface. Cheers, Jochen On

[graylog2] Re: Graylog compilation guideline

2016-07-19 Thread Jochen Schalanda
Hi Anant, you basically just need Java 8 (we recommend using the latest Oracle JDK) and Maven 3 on your system. Everything else (e. g. Node.js) will be downloaded automatically. Please refer to the .travis.yml file which is

[graylog2] Re: Disk Journal / Kafka Input / Throttling

2016-07-19 Thread Jochen Schalanda
Hi Eli, On Tuesday, 19 July 2016 13:18:49 UTC+2, Eli Jordan wrote: > > My understanding is that the disk journal is just an internal Kafka topic. > Since we are already using Kafka to buffer messages, this seems redundant. > (Also, since we are running graylog in docker the journal is transient

[graylog2] Re: Configure Graylog WebInterface on a dedicated server

2016-07-19 Thread Jochen Schalanda
ch one will have its own web interface ?? it is > not pratical when searching for logs > > > > > Le mardi 19 juillet 2016 11:15:24 UTC+2, Jochen Schalanda a écrit : >> >> Hi, >> >> no, Graylog 2.x currently doesn't allow running only the web interface. >

[graylog2] Re: Configure Graylog WebInterface on a dedicated server

2016-07-19 Thread Jochen Schalanda
Hi, no, Graylog 2.x currently doesn't allow running only the web interface. Cheers, Jochen On Tuesday, 19 July 2016 11:10:47 UTC+2, sangh wrote: > > Hi, > > I am using two graylog server with a load balancer. i want to install the > web interface along with the load balancer. With Graylog 2.0

[graylog2] Re: Unble to get graylog webinterface

2016-07-18 Thread Jochen Schalanda
the UI of the "Graylog" only the above > mentioned message. I am attaching the Logs file of Graylog may be you can > find something which I am certainly missing to locate. > > Thanking in Advance > > Anant. > > > > > On Friday, 15 July 2016 21:58:

[graylog2] Re: Unble to get graylog webinterface

2016-07-15 Thread Jochen Schalanda
How do we overcome this?? I am attaching the conf files. > > Again Thanks in advance!! > > Anant > > On Friday, 15 July 2016 18:31:47 UTC+5:30, Jochen Schalanda wrote: >> >> Hi Anant, >> >> according to your logs, the Graylog RES

[graylog2] Re: Trouble Receiving Syslog Messages

2016-07-15 Thread Jochen Schalanda
t > page only has the following to choose from in the new input type: > > GELF AMQP > GELF HTTP > GELF TCP > GELF UDP > GELF KAFKA > JSON > > No plain text option. What could cause that? Thanks! > > Nathan > > > On Friday, July 15, 2016 at 4:2

[graylog2] Re: Unble to get graylog webinterface

2016-07-15 Thread Jochen Schalanda
Hi Anant, according to your logs, the Graylog REST API and the Graylog web interface have been successfully started: 2016-07-15 16:38:00,442 INFO : > org.graylog2.initializers.WebInterfaceService - Started Web Interface at > > 2016-07-15 16:38:00,443 INFO : >

[graylog2] Re: problem with certificate for HTTPS on the webinterface

2016-07-15 Thread Jochen Schalanda
Hi Thomas, the virtual machine appliances rely on the graylog-ctl script which will regenerate the Graylog configuration from a template each time you run graylog-ctl reconfigure. Please take a look at

[graylog2] Re: Single Server Setup vs Multi Server

2016-07-15 Thread Jochen Schalanda
Hi Nathan, please take a look at https://www.graylog.org/tools/sizing-estimator for an educated guess about the hardware requirements for your environment. Cheers, Jochen On Thursday, 14 July 2016 19:46:24 UTC+2, Nathan Mace wrote: > > What is the amount of data inputted per day that you

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-15 Thread Jochen Schalanda
Hi Arief, On Friday, 15 July 2016 09:04:21 UTC+2, Arief Hydayat wrote: > > Just wondering if I continue using these current OVA with default setting > in indices is 2000 Max doc per index and current disk 200GB, how many > target server we can add-in to send messages to the Graylog? >

[graylog2] Re: Trouble Receiving Syslog Messages

2016-07-15 Thread Jochen Schalanda
Hi Nathan, On Thursday, 14 July 2016 19:38:20 UTC+2, Nathan Mace wrote: > > That said, how do I add the Raw/Plaintext input? I understand how to add > an input generally, but not one that is specifically for plain text. > There are several types of inputs on the System / Inputs page in the

[graylog2] Re: Graylog indexes

2016-07-14 Thread Jochen Schalanda
Hi Henrique, that's not possible with Graylog. What you can do, though, is create a separate stream for each of your servers by filtering on the "source" field of the ingested messages. Please refer to http://docs.graylog.org/en/2.0/pages/streams.html for more information about streams.

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-14 Thread Jochen Schalanda
Hi Arief, running graylog-ctl reconfigure will recreate the configuration file from our templates and reset your changes. Cheers, Jochen On Thursday, 14 July 2016 04:45:43 UTC+2, Arief Hydayat wrote: > > Hi Jochen, > > OK I give a try on that. > > > > *ubuntu@graylog:~$ cat

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-14 Thread Jochen Schalanda
Hi Arief, the OVA is suited for small production setups. For the "real deal", we recommend setting up the components yourself (to be able to tweak them according to your use cases) using the official OS packages (DEB, RPM)

[graylog2] Re: How to deal with Journal Utilization is too high?

2016-07-14 Thread Jochen Schalanda
Hi Arief, the output_batch_size and output_flush_interval settings can be configured in Graylog's configuration file, and

[graylog2] Re: How to take a backup grylog

2016-07-13 Thread Jochen Schalanda
Hi, Graylog stores its configuration in two places: the configuration file (e. g. /etc/graylog/server.conf) and MongoDB. You can use the normal MongoDB backup and restore procedures to make a backup of Graylog's configuration: https://docs.mongodb.com/manual/core/backups/ If you additionally

[graylog2] Re: How to deal with Journal Utilization is too high?

2016-07-13 Thread Jochen Schalanda
Hi Arief, messages piling up in the Graylog journal usually means that Elasticsearch cannot keep up with indexing all the messages thrown at it. Try providing more memory and CPU cores to the virtual machine. You can also try and tweak several Elasticsearch related settings like

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-13 Thread Jochen Schalanda
Hi Arief, you can make the Elasticsearch cluster health state GREEN, if you configure the indices (and Graylog) to not use replication, see https://github.com/Graylog2/graylog2-server/blob/2.0.3/misc/graylog.conf#L191-L193 . Cheers, Jochen On Wednesday, 13 July 2016 10:52:13 UTC+2, Arief
